--- a/deb/apache-letsencrypt.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-letsencrypt.bash Wed May 28 00:24:42 2025 +0300
@@ -1,9 +1,14 @@
#!/bin/bash
-mkdir /srv/www/letsencrypt
+apt install certbot
+
+mkdir -p /srv/www/letsencrypt
# service apache2 stop
# --standalone
+
+# Command requires Apache or Lighttpd running and aliasing (no need to stop Apache!):
+# Alias "/.well-known/acme-challenge/" "/srv/www/letsencrypt/.well-known/acme-challenge/"
certbot certonly --webroot \
--agree-tos --non-interactive \
-m gavenkoa@gmail.com \
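Review bot: The added `apt install certbot` has no `-y`, so in an unattended run it either waits for confirmation or aborts, and with no `set -e` visible after the shebang the script would carry on to the `certbot certonly` call regardless. For provisioning scripts prefer the stable front end and fail fast: `apt-get install -y certbot || exit 1`. The certbot command continues past the end of this hunk, so its remaining options are not reviewed here.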
@@ -27,3 +32,38 @@
# systemctl reload apache2
# sudo certbot --apache --agree-tos --redirect -m youremail@email.com -d domainname.com -d www.domainname.com
+
+# apt download python3-certbot-apache
+# /usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
+# /usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/old-options-ssl-apache.conf
+cat >/srv/www/letsencrypt/apache-ssl-options.conf <<EOF
+SSLEngine on
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+SSLOptions +StrictRequire
+
+# Add vhost name to log entries:
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+EOF
+
+cat >/etc/cron.weekly/defun-letsencrypt.bash <<EOF
+#!/bin/bash
+
+certbot certonly --webroot \
+ --agree-tos --non-interactive \
+ -m gavenkoa@gmail.com \
+ -w /srv/www/letsencrypt \
+ --cert-name defun.work \
+ -d defun.work \
+ -d 2048.defun.work \
+ -d blog.defun.work \
+ -d cooking.defun.work \
+ -d gadict.defun.work \
+ -d hg.defun.work \
+ -d resume.defun.work \
+ -d stat.defun.work \
+ -d test.defun.work \
+ -d tips.defun.work
+
+EOF
+chmod a+x /etc/cron.weekly/defun-letsencrypt.bash
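Review bot: The renewal job is written to `/etc/cron.weekly/defun-letsencrypt.bash`, but Debian's run-parts skips file names that contain a dot, so cron would never execute it and the certificate would expire without warning. Drop the extension and quote the heredoc delimiter so the `\` continuations land in the generated file unchanged: `cat >/etc/cron.weekly/defun-letsencrypt <<'EOF'` and `chmod a+x /etc/cron.weekly/defun-letsencrypt`. The job also never reloads Apache, so a renewed certificate is not served until someone reloads by hand; adding `--deploy-hook "systemctl reload apache2"` to the certbot call would cover that. The Debian certbot package usually ships its own renewal timer, so it is worth checking that the two do not overlap.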
--- a/deb/apache-register-2048.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-2048.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
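Review bot: The vhost now includes `/srv/www/letsencrypt/apache-ssl-options.conf`, which sits in the ACME webroot tree rather than under `/etc`; Apache parses included files with root privileges at startup, so that file and its directory must be root-owned and not writable by any content or deploy account, and a location under `/etc/apache2/` would make that the default. The replacement file created in apache-letsencrypt.bash sets only `SSLProtocol` and `SSLOptions`, so any cipher-suite or session-ticket settings carried by the certbot-managed file presumably fall back to mod_ssl/OpenSSL defaults; please confirm that is intended. Every vhost script now also depends on apache-letsencrypt.bash having run first, since a missing Include target stops Apache from starting. The same one-line change repeats in the blog, cooking, forward-proxy, gadict, resume, stat, test, tips and welcome scripts.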
--- a/deb/apache-register-blog.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-blog.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-cooking.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-cooking.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-forward-proxy.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-forward-proxy.bash Wed May 28 00:24:42 2025 +0300
@@ -43,7 +43,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
'EOF'
--- a/deb/apache-register-gadict.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-gadict.bash Wed May 28 00:24:42 2025 +0300
@@ -41,7 +41,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-hg.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-hg.bash Wed May 28 00:24:42 2025 +0300
@@ -53,6 +53,11 @@
Require all granted
</Directory>
+ # Discourage bots indexing HG: Python is slow and cause OOM kills...
+ <IfModule mod_headers.c>
+ Header add "X-Robots-Tag" "noindex, nofollow"
+ </IfModule>
+
ScriptAliasMatch ^/(.*) /srv/hg/hgweb.cgi/\$1
<Directory "/srv/hg/">
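Review bot: The `X-Robots-Tag` header is only delivered after hgweb.cgi has already produced the response, so it does not by itself reduce the crawler load and OOM kills the new comment describes; it only asks well-behaved bots not to index or follow links. If availability is the goal, pair it with something that rejects or throttles requests before the CGI runs (a statically served robots.txt excluded from the `ScriptAliasMatch`, or request rate limiting). Prefer `Header set X-Robots-Tag "noindex, nofollow"` over `Header add`, which can emit a duplicate header if one is already present. The same block is repeated in the second vhost in the next hunk, and the enclosing `<VirtualHost>` starts outside this hunk.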
@@ -68,6 +73,10 @@
DocumentRoot /srv/hg
ServerName hg.defun.work
+ <IfModule mod_headers.c>
+ Header add "X-Robots-Tag" "noindex, nofollow"
+ </IfModule>
+
ScriptAliasMatch ^/(.*) /srv/hg/hgweb.cgi/\$1
<Directory "/srv/hg/">
@@ -81,4 +90,5 @@
EOF
a2ensite hg
+a2enmod headers
service apache2 reload
--- a/deb/apache-register-resume.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-resume.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-stat.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-stat.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-test.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-test.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-tips.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-tips.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF
--- a/deb/apache-register-welcome.bash Tue Feb 13 21:16:39 2024 +0200
+++ b/deb/apache-register-welcome.bash Wed May 28 00:24:42 2025 +0300
@@ -35,7 +35,7 @@
SSLCertificateFile /etc/letsencrypt/live/defun.work/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/defun.work/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
+ Include /srv/www/letsencrypt/apache-ssl-options.conf
</VirtualHost>
</IfModule>
EOF